IP Address Inspector
216.104.15.138
The Project Honey Pot system has detected behavior from the IP address consistent with that of a comment spammer and rule breaker. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.
Geographic Location | United States (Texas) |
Spider First Seen | approximately 15 years, 2 weeks ago |
Spider Last Seen | within 11 years, 11 months, 3 weeks |
Spider Sightings | 1,093 visit(s) |
User-Agents | seen with 1 user-agent(s) |
First Post On | approximately 13 years, 10 months, 3 weeks ago |
Last Post On | within 13 years, 9 months, 5 weeks |
Form Posts | 5 web post submission(s) sent from this IP |
First Rule-Break On | approximately 14 years, 6 months, 2 weeks ago |
Last Rule-Break On | within 12 years, 8 months, 2 weeks |
Rule Breaks | 3 web page navigation rule(s) broken by this IP |
25 comment(s)
J.Woody commented...
ATTEMPTED SCRIPT ATTACK(Attempt to run exploit script on non existing area)
216.104.15.138 - United States - Trend Micro Incorporated
SMALL SAMPLE:
216.104.15.138 - - [26/Oct/2011:19:21:52 +0100] "GET /js/jquery.cookie-modified.js HTTP/1.0" 404 1225 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
October 26 2011 07:05 PM |
WEBSupport commented...
Another Brute Force IP by Trend Micro: 150.70.75.28
September 06 2011 08:03 PM |
C.Paws commented...
I've got 150.70.64.198 and 150.70.75.32 hanging out on my site right now.
Thanks for the tip below, I banned 150.70.*
June 14 2011 11:59 AM |
WEBSupport commented...
Two more IP's used by Trend Micro Brute Force bots:
150.70.172.109 150.70.97.43
May 25 2011 07:25 AM |
WEBSupport commented...
Trend Micro Brute Force Bots - Known IP Addresses listed below (IP's added to-date)
Known rule Breakers with attempts at accessing Admin areas including cPanel
Frequently trigger Brute Force Locks trying to login to site Admin areas
Also known to download payable items and disregarding htaccess
150.70.172.10 150.70.172.102 150.70.172.103 150.70.172.108 150.70.64.194 150.70.64.195 150.70.64.197 150.70.64.198 150.70.64.201 150.70.75.27 150.70.75.30 150.70.75.31 150.70.75.34 150.70.75.36 150.70.97.36 150.70.97.37
Most malicious IP's causing damages to sites, including WordPress
216.104.15.130 216.104.15.134 216.104.15.138 216.104.15.142
Kindly consolidate comments at this IP and Wikipedia http://en.wikipedia.org/wiki/Trend_Micro
Trend Micro probably crossed the line to Malware
Damages less likely if Trend Micro is uninstalled as it abuses the website's trust in visitors with Admin privileges.
May 19 2011 07:48 AM |
E.Stieringer commented...
An administrative user on a site I developed is using Trend Micro as his virus protection software on his computer.
After logging into the administrative section of the site, there is activity from the following IP addresses:
150.70.64.194
216.104.15.138
Both of these IP addresses come from Trend Micro, the former residing in Japan, and the latter in Cupertino, California. The activity from these IP addresses seems to mirror the administrator's activity, even logging in with his credentials. There is one exception: When he updates a section of the website, the bot does the same, but enters "0" in all of the fields, ruining the data which drives the site. .htaccess blocking only affects them sporadically.
April 24 2011 03:19 PM |
L.Johnson11 commented...
A repeat case - Trend Micro 'attack bots' seem to be trying to DDOS my sites from a number of different IP's.
216.104.15.130 216.104.15.134 216.104.15.138 216.104.15.142
150.70.0.0 - 150.70.255.255
216.104.0.0 - 216.104.31.255
HTACCESS does not affect the pages they load or the behavior. They also attempted to access administration areas and restricted content, of which provided me with an alert (per attempt). During a single 30-minute period, I received just over 130,000 alerts from pages that were accessed incorrectly or without permissions, and five IP addresses were automatically banned - maybe suing them for non stop abuse will get their attention, if this is a serious issue. If this is functionality built-into Trend Micro being abused (as it would seem), or it is being used in such a way that it is causing many sites to crash, putting my services out of action and risking security, I will indefinitely consider calling them up about it, or ultimately, legal action.
April 16 2011 06:37 AM |
WEBSupport commented...
April 07, 2011 - Tough Questions:
Brute Force tactics by Trend Micro detected from the following IP Ranges again:
150.70.0.0 - 150.70.255.255
216.104.0.0 - 216.104.31.255
This IP and several other IPs allocated to Trend Micro continue to break the rules, triggering Error403 alarms on servers. Trend is known to employ “ethical crackers”; whatever that is, but where do we draw the line? It is probably good having a bot tagging along on your Internet journey to harass malware and botnet sites if you use Trend Antivirus, but what about your bank? Payable items from secured areas are not left alone either, but Trend will probably call it “ethical theft” to ensure that items on sale are not malware infected. Bottom line – Where to draw the line between Malware and AV, or what is ethical? Trend is fighting fire with fire; perhaps a redirected DDOS will provide Trend with enough answers? Tough Questions for sure.
April 07 2011 09:30 AM |
M.Hell2 commented...
These 'Trend Micro' attack bots seem to be trying to DDOS my sites from a number of different IP's.
216.104.15.130 216.104.15.134 216.104.15.138 216.104.15.142
Even though they are blocked in htaccess, that doesn't stop them from constantly requesting pages every second and filling up my logs. So I'm thinking, since just blocking the Trend Micro attack bots doesn't seem to be enough, maybe suing them for non stop abuse will get their attention.
March 26 2011 11:50 AM |
H.User6603 commented...
This is really weird behavior. Six events logged.
First, ip address 220.255.252.144(SG) appeared on site. Looked like a normal person.
Second, ip 150.70.172.104(JP) showed up opening page of my site-index.php. Nothing unusual.
Third, ip address 220.255.252.144(SG) began to place an ad on the site. Created path 'editview-si.php?town=Toa-Payoh&category=anything&label=60054058'. Again looked like a normal person, but then he quit. Oddly, he chose 'outside Singapore' as his location.
Fourth, the Japanese ip address 150.70.172.104(JP) moved to another page of my site. Nothing unusual there.
Fifth, a new ip address shows up-216.104.15.138 (US) and tries to access the path created by the SG ip in Step 3 'editview-si.php?town=Toa-Payoh&category=anything&label=60054058'. This got him blocked/banned from the site, because he tried to access the page directly from outside the site.
Sixth, an all new Japanese ip address shows up 150.70.75.34 (JP) and attempts to access the same path 'editview-si.php?town=Toa-Payoh&category=anything&label=60054058'. Again, he is blocked/banned from the site because he also tried to access the page directly from outside the site.
End of events....
220.255.252.144(SG) 216.104.15.138(US) 150.70.75.34(JP) have a common thread - they used the same path. Also, I assumed that 150.70.172.104(JP) was used also by 'whomever'. I have no idea what they were trying to do, but two of the ips broke the 'no direct access' rule of the editview-si.php page. I blocked 220.255.252.144(SG) manually, also.
February 14 2011 06:29 PM |
L.Nicolai commented...
Still active.
Tried to write to a non existing guestbook (honeypot).
January 31 2011 03:45 AM |
F.Heinzmann commented...
Attempting to look at our photo gallery security log?
216.104.15.138 - - [30/Jan/2011:16:58:06 -0600] "GET /gallery/viewlog.php HTTP/1.0" 200 5796 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
January 30 2011 11:38 PM |
C.Willits commented...
Attempted user registration on 1/1/2011.
January 03 2011 01:21 PM |
C.Johnson18 commented...
accessing our forums. banned.
August 10 2010 09:43 AM |
C.Hill3 commented...
spammer
July 19 2010 10:51 AM |
H.Toucano commented...
This is really VERY weird.
Today, I sent a private e-mail to 4 corporate people in the UK and Portugal containing a URL link to a folder/files on my private file server. The folder/files are hidden on my file server and ONLY accessible via a direct URL link to them from me. The folder name is complex to avoid hackers guessing the name. Within 20 mins of sending the e-mail IP 216.104.15.138 attempted to access those files using the exact same link as I had previously quoted in my e-mail. Can this mean that IP: 216.104.15.138 is intercepting my e-mails? perhaps through my UK ISP?
June 15 2010 09:29 AM |
R.Dunkle commented...
Aggressive spider from TrendMicro. It is working with 216.104.15.142.
Slurping entire gallery. Blocked. 216.104.0.0/19
May 28 2010 07:59 PM |
H.User6343 commented...
2010-04-03 10:57:32 216.104.15.138 5 35 5 This request was blocked
2010-04-03 10:57:33 216.104.15.138 5 35 5 This request was blocked
April 03 2010 07:17 AM |
D.Smith21 commented...
They keep coming back:
216.104.15.138 2010-01-26 19:54:05
IP address found on http:BL blacklist
http:BL: Suspicious Comment Spammer Threat level 30 Age 51 days
GET /&type=wordpress2.9.1&wp=abc/&type=wordpress2.9.1&wp=abc HTTP/1.0
Host: www.drumpoint.org
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Accept-Language: en-us
Accept: */*
January 27 2010 11:59 AM |
J.Brisebois commented...
They have NO BUSINESS accessing this URL:
The following error was generated on Monday, January 25, 2010 - 07:39:00 PM CST
Error 404 - Page Not Found
Requested URL: http://jummahtube.com/talkback/includes/:
Referring URL: http://jummahtube.com
IP Address: 216.104.15.138
User Agent:[ Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) ]
January 25 2010 08:43 PM |
A.E4 commented...
WOW! All I did was install MicroTrend's ** and then I was looking at my forums logs and saw it was accessing everything that I was! This really freaked me out! Then I was looking at the IP's and started looking them up all here. Every single one had something to do with MicroTrends! Needless to say I uninstalled it!
These are all the IP's that visited my forums in the 1/2 hr I had the program running:
216.104.15.130 216.104.15.142 216.104.15.134 216.104.15.138
And even stopforumspam.com has record of 3 of those comment spamming!
January 16 2010 10:02 AM |
D.Smith21 commented...
This IP belongs to TrendMicro.com, a web security and antivirus software company. How about that.
216.104.15.138 2010-01-04 16:47:50
IP address found on http:BL blacklist
http:BL: Suspicious Comment Spammer Threat level 29 Age 28 days
GET /wp-content/plugins/contact-form-7/contact-form-7.js?ver=2.0.7 HTTP/1.0
Host: www.drumpoint.org
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Accept-Language: en-us
Accept: */*
January 04 2010 12:17 PM |
A.Morris3 commented...
Comment Spammer.
Also used: 216.104.15.138
October 24 2009 11:46 AM |
W.Ni commented...
Comment spammer.
Also used: 216.104.15.130 216.104.15.142 216.104.15.134
October 09 2009 01:34 AM |
A.Bolchis commented...
Comment Spammer
July 26 2009 08:32 PM |
Page generated on: April 24 2024 03:38:59 AM
Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.